6.0
Table Of Contents
- View Installation
- Contents
- View Installation
- System Requirements for Server Components
- System Requirements for Guest Operating Systems
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for Remote Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Firewall Rules for View Connection Server
- Reinstall View Connection Server with a Backup Configuration
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Components Silently by Using MSI Command-Line Options
- Configuring SSL Certificates for View Servers
- Understanding SSL Certificates for View Servers
- Overview of Tasks for Setting Up SSL Certificates
- Obtaining a Signed SSL Certificate from a CA
- Configure View Connection Server, Security Server, or View Composer to Use a New SSL Certificate
- Configure Client Endpoints to Trust Root and Intermediate Certificates
- Configuring Certificate Revocation Checking on Server Certificates
- Configure the PCoIP Secure Gateway to Use a New SSL Certificate
- Setting View Administrator to Trust a vCenter Server or View Composer Certificate
- Benefits of Using SSL Certificates Signed by a CA
- Troubleshooting Certificate Issues on View Connection Server and Security Server
- Configuring View for the First Time
- Configuring User Accounts for vCenter Server and View Composer
- Configuring View Connection Server for the First Time
- View Administrator and View Connection Server
- Log In to View Administrator
- Install the Product License Key
- Add vCenter Server Instances to View
- Configure View Composer Settings
- Configure View Composer Domains
- Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines
- Configure View Storage Accelerator for vCenter Server
- Concurrent Operations Limits for vCenter Server and View Composer
- Setting a Concurrent Power Operations Rate to Support Remote Desktop Logon Storms
- Accept the Thumbprint of a Default SSL Certificate
- Configuring Horizon Client Connections
- Replacing Default Ports for View Services
- Replace the Default HTTP Ports or NICs for View Connection Server Instances and Security Servers
- Replace the Default Ports or NICs for the PCoIP Secure Gateway on View Connection Server Instances and on Security Servers
- Replace the Default Port for View Composer
- Change the Port Number for HTTP Redirection to Connection Server
- Prevent HTTP Redirection for Client Connections to Connection Server
- Enable Remote Access to View Performance Counters on Connection Servers
- Sizing Windows Server Settings to Support Your Deployment
- Configuring Event Reporting
- Index
Using View Group Policy Administrative Template Files
View includes several component-specific group policy administrative (ADM and ADMX) template files.
All ADM and ADMX files that provide group policy settings for View are available in a bundled .zip file
named VMware-Horizon-View-GPO-Bundle-x.x.x-yyyyyyy.zip, where x.x.x is the version and yyyyyyy is the
build number. You can download the file from the VMware Horizon (with View) download site at
http://www.vmware.com/go/downloadview.
You can optimize and secure remote desktops by adding the policy settings in these files to a new or
existing GPO in Active Directory and then linking that GPO to the OU that contains your desktops.
See the View Administration and Setting Up Desktop and Application Pools in View documents for information
on using View group policy settings.
Prepare Active Directory for Smart Card Authentication
You might need to perform certain tasks in Active Directory when you implement smart card
authentication.
n
Add UPNs for Smart Card Users on page 23
Because smart card logins rely on user principal names (UPNs), the Active Directory accounts of users
and administrators that use smart cards to authenticate in View must have a valid UPN.
n
Add the Root Certificate to Trusted Root Certification Authorities on page 24
If you use a certification authority (CA) to issue smart card login or domain controller certificates, you
must add the root certificate to the Trusted Root Certification Authorities group policy in Active
Directory. You do not need to perform this procedure if the Windows domain controller acts as the
root CA.
n
Add an Intermediate Certificate to Intermediate Certification Authorities on page 25
If you use an intermediate certification authority (CA) to issue smart card login or domain controller
certificates, you must add the intermediate certificate to the Intermediate Certification Authorities
group policy in Active Directory.
n
Add the Root Certificate to the Enterprise NTAuth Store on page 25
If you use a CA to issue smart card login or domain controller certificates, you must add the root
certificate to the Enterprise NTAuth store in Active Directory. You do not need to perform this
procedure if the Windows domain controller acts as the root CA.
Add UPNs for Smart Card Users
Because smart card logins rely on user principal names (UPNs), the Active Directory accounts of users and
administrators that use smart cards to authenticate in View must have a valid UPN.
If the domain a smart card user resides in is different from the domain that your root certificate was issued
from, you must set the user’s UPN to the Subject Alternative Name (SAN) contained in the root certificate of
the trusted CA. If your root certificate was issued from a server in the smart card user's current domain, you
do not need to modify the user's UPN.
NOTE You might need to set the UPN for built-in Active Directory accounts, even if the certificate is issued
from the same domain. Built-in accounts, including Administrator, do not have a UPN set by default.
Prerequisites
n
Obtain the SAN contained in the root certificate of the trusted CA by viewing the certificate properties.
Chapter 3 Preparing Active Directory
VMware, Inc. 23